Hi

I'm planning to write a pluggable application in Python (+Qt4). However, I have great concerns about security. The plugins should be powerful enough to do whatever they like within the application (and as a further constraint there will be a signing process and a warning for the user when using such a plugin), but interacting with the environment (filesystem, other processes, networking, etc.) should be done by the plugins only through some Python code I will write.

Is there any safe and easy way to achieve it, besides having to do static code analysis on the code of the plugins prior to installing them?

+3  A: 

In short: No.

Explanation: For years, the Python gurus have tried to build a sandbox for Python. The problem with the sandbox is that you need a couple of things to do any IO (i.e. being able to transfer data at all between your sandbox and the app). They didn't find an automatic, pythonic way to do it. Either you can't exchange data with the plugin, or introspection would then allow walking the object tree in the app -> access to everything you like.

Imagine your idea: The plugin calls some Python code which you write. This probably means calling a method or function. That means you must give me a valid method or function object. From the method or function object, I can get your module object. From your module, I can get all the symbols (i.e. the imports). From there, I can do everything your module can do (at least).

See this article for some pointers.

Aaron Digulla
Thanks for the explanation and for the link. One more question: Can I still achieve it by writing my app in C++ and using python via PythonQt as a scripting language, providing plugins written in python with (untrusted) objects from my application?
Flavius
As I said: If you omit everything which accesses a Python library module and all the IO functions (open files, etc.), what will be left will be little more than the syntax itself. If you exchange data, the plugin can reach anything your data object can reach.
Aaron Digulla
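The reachability argument in the answer above can be checked against your own plugin API before you ship it. This is an added example, not code from the original posts: the `host_api` module, `read_setting`, `reachable_modules` and the `max_depth` parameter are hypothetical names, and the host module is constructed inline as a stand-in.

```python
import types
from collections import deque


def make_host_module():
    """Build a constructed stand-in for the host's 'safe API' module."""
    src = (
        "import os, subprocess  # imports the host needs for its own work\n"
        "def read_setting(name):\n"
        "    return {'theme': 'dark'}.get(name)\n"
    )
    mod = types.ModuleType("host_api")  # hypothetical module name
    exec(src, mod.__dict__)
    return mod


def reachable_modules(exposed, max_depth=2):
    """Names of modules reachable from one exposed callable by introspection.

    Follows only function -> __globals__ and module -> attributes, which is
    the path the answer describes; real exposure is at least this large.
    """
    seen, found = set(), set()
    queue = deque([(exposed, 0)])
    while queue:
        obj, depth = queue.popleft()
        if id(obj) in seen or depth > max_depth:
            continue
        seen.add(id(obj))
        if isinstance(obj, types.ModuleType):
            found.add(obj.__name__)
            children = list(vars(obj).values())
        elif isinstance(obj, (types.FunctionType, types.MethodType)):
            func = getattr(obj, "__func__", obj)  # unwrap bound methods
            children = list(func.__globals__.values())
        else:
            continue
        queue.extend((child, depth + 1) for child in children)
    return found


if __name__ == "__main__":
    host = make_host_module()
    mods = reachable_modules(host.read_setting)
    print(len(mods), "modules reachable from one exposed function")
    print("includes os:", "os" in mods, "| subprocess:", "subprocess" in mods)
```

Handing a plugin the single function `read_setting` already puts every module the host file imported within reach, so the audit result is the real API surface, not the one function you meant to expose.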